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CLAIMS 

We Claim: / 

1. A method 
from a second device 
blocking apparatus, s 

terminating a 

assigning an 
virtual pipe, 

receiving co: 



p erformed by a hub for enabling a first device to allow communications 
vherein the first device is separated from the second device by access 
id method comprising: 
virtual pipe from the first device, 

P address to the first device and associating this DP address with the 


iunications originated by the second device and addressed to said IP 

address, 

routing the dommunications addressed to said IP address to the virtual pipe, and 
tunneling the communications over the virtual pipe to the first device. 


2. The method of claim 1 further comprising the steps of: 

receiving ^econd communications originated by the first device through the virtual 
pipe, and 

routing thfe second communications from the first device to the second device. 

3. The method of claim 1 further comprising the step of: 

encryptiqg the communications prior to tunneling the communications over the 
virtual pipe. 


4. The rpethod of claim 1 further comprising the steps of: 

receiving a plurality of communications originated by a plurality of second devices 
and addressed tA the IP address, 

routing the plurality of communications addressed to the DP address to the virtual 
pipe, and 

tunnelifag the plurality of conmiunications over the virtual pipe to the first device. 


5. The 
establis 
based 
to the first devi 


method of claim 1 further comprising the steps of: 
hing an access control list to control access to the first device, and 

the access control list, routing the communications from the second device 
e only if the second device has permission to access the first device. 


cn 


6. The method of claim 1 further comprising the steps of: 
termini iting a second virtual pipe from the second device, 
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assigning a seccmd IP address to the second device, and 

receiving the communications from the second device through the second virtual 


pipe. 


7. The methofl of claim 6 wherein the IP addresses assigned to the first and second 
devices are private IPj addresses. 


8. A system for enabling communications between a first device and a second device 
wherein said first de /ice is separated from said second device by access blocking apparatus, 
said system compris ing: 

a secure hut , and 

a virtual pip^ between the first device and said secure hub, 

said secure lub including a pool of available IP addresses from which an IP address 
le first device, means for associating the assigned IP address with the 
virtual pipe, means for routing communications from the second device and addressed to the 
first device to the virtual pipe, and means for tunneling said communications over the virtual 
pipe to the first de\jice. 


9. The sysi 


communications 
routing routes the 


c ver the virtual pipe from the first device, and wherein said means for 
second communications to the second device. 


em of claim 8 wherein said means for tunneling tunnels second 


10. The s /stem of claim 8 further comprising: 

a virtual ] )ipe between the second device and said secure hub, and wherein said means 
for associating as >ociates a second IP address from the pool of available IP addresses with the 
second virtual pipe, and wherein said means for tunneling tunnels said coinmunications from 
the second devic \ through the second virtual pipe. 


11. The 


lystem of claim 8 further comprising: 


an access control list to control access to the first device, and wherein, based on the 
access control li ;t, said means for routing the communications from the second device to the 
first device rout es the communications only if the second device has permission to access the 
first device. 


12. A 
the public network 


qystem for enabling communication to a first communication device through 
from a second communication device, said first and second 
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communication devices behng separated by at least one security access blocking apparatus, 
said system comprising I 

a secure hub having routing and switching functionality and pipe termination 
functionality and having interfaces to said public network, and 

means for creating a virtual pipe between said secure hub and said first 
communication device for tunneling communication, 

said secure hub mirther including means for assigning an IP address to said first 
communication device smd associating said IP address with said virtual pipe. 


of claim 12 further including means for establishing said 
id second communication device through said public network to said 


13. The systeni 
communication from si 
secure hub. 

14. The systen i of claim 13 wherein said means for establishing said communication 
from said second communication device includes means for defining a second virtual pipe. 

15. The systen of claim 12 wherein said secure hub includes means for defining an 
access control list, said routing and switching functionality routing said communication from 
said second communication device to said virtual pipe only if such access is permitted by said 
access control list. 


